aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/dnsserv.c2
-rw-r--r--src/or/networkstatus.c1
-rw-r--r--src/or/onion.c2
-rw-r--r--src/or/rendclient.c1
-rw-r--r--src/or/rendservice.c6
-rw-r--r--src/or/routerlist.c3
-rw-r--r--src/or/routerparse.c18
8 files changed, 24 insertions, 13 deletions
diff --git a/src/or/config.c b/src/or/config.c
index a27fd22b24..b124db1899 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5182,8 +5182,8 @@ or_state_save(time_t now)
tor_free(state);
fname = get_datadir_fname("state");
if (write_str_to_file(fname, contents, 0)<0) {
- log_warn(LD_FS, "Unable to write state to file \"%s\"; will try later",
- fname);
+ log_warn(LD_FS, "Unable to write state to file \"%s\"; "
+ "will try again later", fname);
global_state->LastWritten = -1;
tor_free(fname);
tor_free(contents);
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index c491656f73..d5faffb2c3 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -286,7 +286,7 @@ dnsserv_resolved(edge_connection_t *conn,
char *ans = tor_strndup(answer, answer_len);
evdns_server_request_add_ptr_reply(req, NULL,
name,
- (char*)answer, ttl);
+ ans, ttl);
tor_free(ans);
} else if (answer_type == RESOLVED_TYPE_ERROR) {
err = DNS_ERR_NOTEXIST;
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 94bcb41002..dfc3a45f76 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -439,6 +439,7 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
signed_digest = tor_malloc(signed_digest_len);
if (crypto_pk_public_checksig(cert->signing_key,
signed_digest,
+ signed_digest_len,
sig->signature,
sig->signature_len) < dlen ||
memcmp(signed_digest, consensus->digests.d[sig->alg], dlen)) {
diff --git a/src/or/onion.c b/src/or/onion.c
index 9db9145c78..323e0003e6 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -199,6 +199,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
+ ONIONSKIN_CHALLENGE_LEN,
challenge, DH_KEY_LEN,
PK_PKCS1_OAEP_PADDING, 1)<0)
goto err;
@@ -241,6 +242,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
break;
note_crypto_pk_op(DEC_ONIONSKIN);
len = crypto_pk_private_hybrid_decrypt(k, challenge,
+ ONIONSKIN_CHALLENGE_LEN,
onion_skin, ONIONSKIN_CHALLENGE_LEN,
PK_PKCS1_OAEP_PADDING,0);
if (len>0)
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 7c626c6a64..b8526b676d 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -184,6 +184,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
+ sizeof(payload)-DIGEST_LEN,
tmp,
(int)(dh_offset+DH_KEY_LEN),
PK_PKCS1_OAEP_PADDING, 0);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 44b5a4b4c0..1d64cf41e3 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -928,7 +928,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
/* Next N bytes is encrypted with service key */
note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_hybrid_decrypt(
- intro_key,buf,(char*)(request+DIGEST_LEN),request_len-DIGEST_LEN,
+ intro_key,buf,sizeof(buf),
+ (char*)(request+DIGEST_LEN),request_len-DIGEST_LEN,
PK_PKCS1_OAEP_PADDING,1);
if (r<0) {
log_warn(LD_PROTOCOL, "Couldn't decrypt INTRODUCE2 cell.");
@@ -1365,7 +1366,8 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
goto err;
len += 20;
note_crypto_pk_op(REND_SERVER);
- r = crypto_pk_private_sign_digest(intro_key, buf+len, buf, len);
+ r = crypto_pk_private_sign_digest(intro_key, buf+len, sizeof(buf)-len,
+ buf, len);
if (r<0) {
log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
reason = END_CIRC_REASON_INTERNAL;
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 253b787217..e29b4c49d8 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -5016,7 +5016,8 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei,
if (ei->pending_sig) {
char signed_digest[128];
- if (crypto_pk_public_checksig(ri->identity_pkey, signed_digest,
+ if (crypto_pk_public_checksig(ri->identity_pkey,
+ signed_digest, sizeof(signed_digest),
ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
memcmp(signed_digest, ei->cache_info.signed_descriptor_digest,
DIGEST_LEN)) {
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 691b9beabc..66d024ecd4 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -702,11 +702,13 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
size_t digest_len, crypto_pk_env_t *private_key)
{
char *signature;
- size_t i;
+ size_t i, keysize;
int siglen;
- signature = tor_malloc(crypto_pk_keysize(private_key));
- siglen = crypto_pk_private_sign(private_key, signature, digest, digest_len);
+ keysize = crypto_pk_keysize(private_key);
+ signature = tor_malloc(keysize);
+ siglen = crypto_pk_private_sign(private_key, signature, keysize,
+ digest, digest_len);
if (siglen < 0) {
log_warn(LD_BUG,"Couldn't sign digest.");
goto err;
@@ -1059,6 +1061,7 @@ check_signature_token(const char *digest,
const char *doctype)
{
char *signed_digest;
+ size_t keysize;
const int check_authority = (flags & CST_CHECK_AUTHORITY);
const int check_objtype = ! (flags & CST_NO_CHECK_OBJTYPE);
@@ -1080,10 +1083,11 @@ check_signature_token(const char *digest,
}
}
- signed_digest = tor_malloc(tok->object_size);
- if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
- tok->object_size)
- < digest_len) {
+ keysize = crypto_pk_keysize(pkey);
+ signed_digest = tor_malloc(keysize);
+ if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
+ tok->object_body, tok->object_size)
+ < DIGEST_LEN) {
log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
tor_free(signed_digest);
return -1;
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion